Poodlebleed

Before anybody asks, RouterOS is not affected by the Poodlebleed exploit.

This is the first time I've seen such an active approach from MikroTik. Keep going forward with this. I appreciate that.

I hadn’t heard of it, but now that I’ve seen it, I’m almost wondering how it hasn’t been found sooner (like, as soon as SSL 3.0 became an easy-to-decrypt protocol). I mean, OBVIOUSLY, if you have control over the network between client and server, you can drop some of the connections. I never knew SSL/TLS tries to make several connections at the handshake. I thought it’s one connection with packets back & forth (which would be more secure, but then again, I can also see how legacy applications might be broken with that approach, and thus how clients ended up doing the “downgrade dance”).



OK, onto MikroTik…

@normis

When you say MikroTik is not affected, it’s not affected because…

  1. You have SSL 3.0 (and older) disabled or
  2. You use an OpenSSL version with TLS_FALLBACK_SCSV support, and have that enabled?

What about SSLv3-based SSTP? Is it affected?

It only uses TLS and that is not affected.
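
The two options asked about earlier in the thread (SSL 3.0 disabled, or TLS_FALLBACK_SCSV honoured) come down to one server-side decision on the ClientHello. The sketch below is an added example, not part of the thread and not RouterOS or OpenSSL code; `server_decision` and `build_client_hello` are hypothetical helpers and the ClientHello bytes are constructed sample input.

```python
# Added example: the server-side decision behind the two options asked about above.
import struct

TLS_FALLBACK_SCSV = 0x5600       # signalling cipher suite value, RFC 7507
INAPPROPRIATE_FALLBACK = 86      # alert description, RFC 7507
PROTOCOL_VERSION = 70            # alert description for an unsupported version
SSL3, TLS10, TLS12 = (3, 0), (3, 1), (3, 3)

def parse_client_hello(msg: bytes):
    """Return (client_version, cipher_suites) from a ClientHello handshake message."""
    if len(msg) < 4 or msg[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    if len(body) < 35:                      # version(2) + random(32) + sid length(1)
        raise ValueError("truncated ClientHello")
    version = (body[0], body[1])
    pos = 35 + body[34]                     # skip the session_id
    if pos + 2 > len(body):
        raise ValueError("truncated ClientHello")
    (suites_len,) = struct.unpack_from("!H", body, pos)
    pos += 2
    if suites_len % 2 or pos + suites_len > len(body):
        raise ValueError("bad cipher_suites length")
    suites = [int.from_bytes(body[i:i + 2], "big")
              for i in range(pos, pos + suites_len, 2)]
    return version, suites

def server_decision(msg: bytes, server_min, server_max):
    """Hypothetical helper: what a server supporting [server_min, server_max] does."""
    version, suites = parse_client_hello(msg)
    # Option 2: a fallback retry below our best version is refused (RFC 7507).
    if TLS_FALLBACK_SCSV in suites and version < server_max:
        return ("alert", INAPPROPRIATE_FALLBACK)
    # Option 1: SSL 3.0 disabled means server_min is TLS 1.0 or higher.
    if version < server_min:
        return ("alert", PROTOCOL_VERSION)
    return ("negotiate", min(version, server_max))

def build_client_hello(version, suites):
    """Constructed sample input: minimal ClientHello, zeroed random, no extensions."""
    body = bytes(version) + bytes(32) + b"\x00"
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites) + b"\x01\x00"
    return b"\x01" + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    retry = build_client_hello(SSL3, [0x002F, TLS_FALLBACK_SCSV])   # downgraded retry
    legacy = build_client_hello(SSL3, [0x002F])                     # no SCSV sent
    print(server_decision(retry, SSL3, TLS12))    # refused by the SCSV check
    print(server_decision(legacy, SSL3, TLS12))   # SSL 3.0 still negotiated
    print(server_decision(legacy, TLS10, TLS12))  # SSL 3.0 disabled
```

The second case shows the limit of option 2: the SCSV check only protects clients that send the value on their fallback retries, so a server that still accepts SSL 3.0 will negotiate it with a client that does not.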